Hack reminder of growing threat

Students interested in scoring some free Viagra were in for a treat Thursday.

And then cold disappointment.

Searches for certain University institutions’ websites Wednesday and Thursday on Google revealed an advertisement for “free” or “cheap” Viagra pills as the top result.

The hack, made possible by a mistake by an Information Technology Services department employee performing maintenance on a UNC site, offered administrators a reminder of the visible — and growing — threat to UNC’s IT information.

About 30,000 attempts to hack into University computers occur every day, said Larry Conrad, vice chancellor for information technology and chief information officer.

“Higher education institutions are destination resorts for the worldwide hacking community,” said Conrad, adding that it can take hundreds of hours for UNC to investigate and fix a hack.

In early July, Conrad sent a formal notice to employees stating that findings by the Office of the State Auditor for North Carolina identified weaknesses in the University’s approach to managing IT security.

Google searches for “UNC Campus Health” and “UNC Student Union” revealed separate advertisements for the Viagra pills as the top result. But the links connected to the legitimate University websites.

Stan Waddell, director of information security, said if students had clicked either of the links Thursday morning they would have seen a banner advertisement for Viagra on each of the websites’ home pages.

Brian Payst, director of information technology in the division of student affairs, said the Google hack was of minor consequence and that there would be no long-term effects.

The larger concern, he said, is the protection of sensitive information, including campus health records and social security numbers.

“Realistically, a couple of days of a Google cache entry, who cares? Your campus health data — I care about that,” Payst said.

The hack happened after an information technology employee finished site maintenance, then left some incorrect identifying information, allowing a “spam bot” to insert some text onto the site, Payst said. Google later used the inserted “spam bot” text for the cache, which is the text shown beneath the link.

Payst said his department took the proper steps Thursday to correct the cache on Google, but he had no input on when it would be removed.

The episode was a reminder of new and more clever hacking threats, Conrad said.